From: Joel Sherrill <joel@rtems.org>
To: Paul Koning <paulkoning@comcast.net>
Cc: Jason Long <hack3rcon@yahoo.com>,
Eli Zaretskii via Gdb <gdb@sourceware.org>
Subject: Re: Is GDB just for bug hunting?
Date: Wed, 14 Apr 2021 14:05:34 -0500 [thread overview]
Message-ID: <CAF9ehCVwTFFG4-NKKXDj2kRcSMWVvNYhnYRVGYm_X9N9t42ocA@mail.gmail.com> (raw)
In-Reply-To: <40861674-D931-44C6-A4CE-50DC6516DEDF@comcast.net>
On Wed, Apr 14, 2021, 1:48 PM Paul Koning via Gdb <gdb@sourceware.org>
wrote:
>
>
> > On Apr 14, 2021, at 2:37 PM, Jason Long <hack3rcon@yahoo.com> wrote:
> >
> > Thank you for your useful info.
> > If a program is close source, then code review canceled. Thus, how a
> security researcher finds a vulnerability in a program?
>
> Agreed, code review only applies if the source is visible. More
> precisely, if the source is allowed to be disclosed; researchers looking at
> the code while under NDA does not count and serves no significant purpose.
>
> In those case, you're left with test stimuli and reverse engineering. For
> "never seen before" defects, you either need luck (an existing test happens
> to catch it) or a different kind of luck (you created a new test that
> happens to catch it) or lots of skill (you saw the issue during a reverse
> engineering session).
>
> GDB can help with reverse engineering. It's probably not ideal for
> disassembly let alone decompiling, but it does offer disassembly and it
> also gives you insight into the state of the running application and how it
> changes during execution.
>
If you have source, you can use a trick I like. You can look at constant
data in a nice format even for cross compiled programs without attaching to
a target. Sometimes this is a good way to make sure your data structures
are right without really debugging.
I suppose with the Python scripting you could do a lot of you knew the
source. I've always wanted some scripting to analyse the state of an RTEMS
system via gdb to find priority inversions, etc. You could potentially do
some really powerful introspection.
But without application source, things become harder.
--joel
> paul
>
>
next prev parent reply other threads:[~2021-04-14 19:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <581661034.1177110.1618422536149.ref@mail.yahoo.com>
2021-04-14 17:48 ` Jason Long
2021-04-14 18:02 ` Paul Koning
2021-04-14 18:37 ` Jason Long
2021-04-14 18:48 ` Paul Koning
2021-04-14 19:05 ` Joel Sherrill [this message]
2021-04-15 8:24 ` Jason Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAF9ehCVwTFFG4-NKKXDj2kRcSMWVvNYhnYRVGYm_X9N9t42ocA@mail.gmail.com \
--to=joel@rtems.org \
--cc=gdb@sourceware.org \
--cc=hack3rcon@yahoo.com \
--cc=paulkoning@comcast.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).